1583888 – (CVE-2018-11233) CVE-2018-11233 git: path sanity check in is_ntfs_dotgit() can read arbitrary memory

Bug 1583888 (CVE-2018-11233) - CVE-2018-11233 git: path sanity check in is_ntfs_dotgit() can read arbitrary memory

Summary: CVE-2018-11233 git: path sanity check in is_ntfs_dotgit() can read arbitrary ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-11233
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1583890 1583891 1584241 1593733
Blocks:	1583883
TreeView+	depends on / blocked

Reported:	2018-05-30 00:43 UTC by Sam Fowler
Modified:	2021-02-17 00:14 UTC (History)
CC List:	51 users (show)
Fixed In Version:	git 2.13.7, git 2.14.4, git 2.15.2, git 2.16.4, git 2.17.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-07-10 08:54:18 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2147	0	None	None	None	2018-07-10 08:35:08 UTC

Description Sam Fowler 2018-05-30 00:43:05 UTC

Git before versions 2.13.7, 2.14.4, 2.15.2, 2.16.4 and 2.17.1 performs path
sanity-checks in is_ntfs_dotgit():path.c that can be fooled into reading
arbitrary memory.

Upstream announcement:
https://marc.info/?l=git&m=152761328506724&w=2

Comment 1 Sam Fowler 2018-05-30 01:11:16 UTC

Created git tracking bugs for this issue:

Affects: fedora-all [bug 1583890]

Comment 7 Riccardo Schirone 2018-05-31 11:25:38 UTC

Statement:

This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include the vulnerable code.

Comment 8 Fedora Update System 2018-06-01 12:04:37 UTC

git-2.17.1-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Riccardo Schirone 2018-07-09 10:06:00 UTC

Patch:
https://github.com/git/git/commit/11a9f4d807a0d71dc6eff51bb87baf4ca2cccf1d

Comment 16 errata-xmlrpc 2018-07-10 08:34:50 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2018:2147 https://access.redhat.com/errata/RHSA-2018:2147

Note You need to log in before you can comment on or make changes to this bug.

aileenc
alazarot
amahdal
anstephe
besser82
c.david86
chazlett
chrisw
dffrench
drieden
drusso
etirelli
gvarsami
hghasemb
hhorak
ibek
jbowes
jcoleman
jmadigan
jolee
jorton
jschatte
jshepherd
jstastny
kconner
krathod
kverlaen
ldimaggi
lgriffin
lpetrovi
ngough
nwallace
paradhya
pcahyna
pstodulk
pszubiak
pwright
rrajasek
rschiron
rsynek
rwagner
rzhang
sdaley
sfowler
skisela
tcunning
tjay
tkirby
tmz
trepel
vhalbert